Thursday, June 2, 2016

Hillary Clinton, the Cenus Bureau, and Information Security

tulsatoday.com

Let's talk a little bit about government data and information security, shall we?

I used to work for the Census Bureau. In my last go-round, I was a Field Representative, pretty much the lowest person on the totem pole. I went around to people's houses and asked them various questions, so the government could collect data on (in this particular case) crime victims.

The Census Bureau in general, and the Field Reps in particular, deal with a lot of people's personal data. They collect names, addresses, birth dates, education levels, number of children, sometimes income and similar information. Nothing particularly earth-shattering, but also nothing that most people would want paraded around in public.

The Census Bureau as an institution takes this trust very seriously. Their mantra is the protection of personal information. Census Bureau employees take an oath to protect such information and never to reveal it, even after they leave Census Bureau employment. Read that again... Census Bureau employees take an oath -- you know, raise your right hand, I [state your name] do solemnly swear... Seriously. It is essentially the same oath that the Vice-President takes upon inauguration, except it contains an additional clause about never revealing personal information of Census respondents.

Census Bureau employees are reminded of this responsibility at least once a week, and take training courses at least annually to reinforce this knowledge. You will not reveal personally identifying information. Period. End of story.

If a Census Bureau employee does reveal personal information, it is a serious crime. The penalty is up to five years in prison and a $250,000 fine. Read that one again, too: five years in prison, and a $250,000 fine. So if I am a Census Bureau employee and I interview you for the survey I am doing, and you tell me your income is $85,000 a year, and then I mention that fact to your neighbor, I can go to jail for five years!

Information collected for the Census Bureau cannot even be revealed to law enforcement or to the IRS. If a Census Bureau employee goes to interview a household and there is a meth lab in that household, the employee cannot reveal that information to anyone. If he or she does, for example, call the police, the meth lab owners will be set free (because the information was obtained illegally) and the Census employee will go to jail (for revealing personal information).

On top of all that, all this information that Field Reps collect is stored on government-issued laptop computers. The hard drives of these computers are encrypted. They require a password, and in some cases a physical "dongle," to access. Software ensures that the password is changed every 60 days. And it cannot be a stupid password like "password" or "fido," it has to be a strong, secure password.When information is transmitted from the field to headquarters, or vice versa, it is transmitted over a secure connection. Employees are not allowed to use their personal email accounts for Census Bureau business, and are never allowed to include the personal information of respondents in any email communication, even on the Census Bureau internal email system. Because email is considered inherently insecure. There is a separate, secure (encrypted) email system for those (rare) occasions when something absolutely must be sent in an email.

Keep all this in mind as we now turn the conversation to Hillary Clinton and her infamous email server.Hillary Clinton was the Secretary of State of the United States. She was not some lowly Census Bureau Field Rep trudging from one house to another where the people didn't even want to talk to her. She was fifth in line to the Presidency, responsible for managing the sprawling U.S. diplomatic corps around the world. The information she had access to was not Joe Blow's highest educational level and annual salary. She had access to highly confidential information about sensitive international negotiations, about various world leaders, probably about spies and other operatives. She had access to highly classified information -- information, most likely, that was even more sensitive than the information leaked by so-called "traitor" Edward Snowden.Yet Hillary Clinton and her apologists say that it was no big deal that she stored this sensitive, classified, issues-of-war-and-peace information on insecure servers and transmitted it through insecure channels. They say it is no big deal that, against the wishes of the State Department security team, she used her own personal (insecure) Blackberry for email communication, rather than a government-issued secure device. They say it is no big deal that she processed and stored all of these emails on an insecure machine set up in, of all places, her own home.

A few days ago, I saw one of those Facebook political memes that listed "The Negatives." Under Donald Trump's picture was a whole list of perceived negatives. Under Hillary Clinton's was a single one: "She sent emails from her cell phone."Anyone who creates or perpetuates a meme of this sort is either stupid or a liar. The issue is not that Hillary Clinton sent a "WYD?" email to daughter Chelsea from her cell phone. The issue is a damned serious one: That Hillary Clinton, Secretary of State of the United States and someone who supposedly should know better, sent sensitive and often classified information across insecure channels and stored said information on insecure servers. After having been warned against it by her own experts.This single act shows that Hillary Clinton is either incredibly stupid or incredibly arrogant. Either she didn't know that doing this was, let's say, not the brightest thing in the world (although any newly hired Census Bureau Field Representative would know); or she didn't care, meaning that she would endanger the safety and security of her country, and most likely break a half-dozen laws in the process, because using her own Blackberry and doing things "her way" was too important to her.During this presidential campaign, I've heard a lot of "not qualified to be President" accusations thrown at pretty much all of the candidates on both sides. But for me, a former Census Bureau employee, this one takes the cake. Like I said, what Hillary Clinton did here -- and not just once, but for an ongoing period -- demonstrates either complete stupidity or complete arrogance.

I suspect it also demonstrates a complete disregard for the law, because I doubt that lowly Census Bureau Field Representatives are held to a higher legal standard than the Secretary of State. Or... maybe they are, because they can't afford the spin doctors and knee-jerk partisan sympathy votes that former Secretaries of State can....Let's be clear: I don't have a lot of use for the Republican Party at this point in time. But if you are a Democrat and writing off these accusations against Hillary Clinton as just partisan politics -- or worse yet, if you actually don't think they are serious and you are defending her -- I really urge you to think again. The Republicans may be making political hay off of this, but it's not too different from Democrats having made political hay over Nixon's Watergate coverup.In both cases, the targets of the accusations were, in fact, arrogant law-breakers, political hay notwithstanding...